TLS安全的docker registry —— 自簽名證書 安裝

原創 XuYongshi02 2020-02-21 12:04 
自簽名docker registry 安裝 記錄



安全的Docker registry, 包含Authentication, ACL, TLS 等,
不安全的, 包括, 只有簽名的(TLS)的認證, 和 完全開放的。


以下是安裝Docker registry 後, 利用openssl 生成一個自簽名的證書, 用戶信任 Registry 的站點。


1. 基本信息

系統 64RedHat 7.2




[root@ip-172-30-0-61 ~]# hostname

ip-172-30-0-61.ec2.internal

[root@ip-172-30-0-61 ~]# uname -a

Linux ip-172-30-0-61.ec2.internal 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

[root@ip-172-30-0-61 ~]# cat /etc/redhat-release 

Red Hat Enterprise Linux Server release 7.2 (Maipo)

[root@ip-172-30-0-61 ~]#



 


IP 地址: 172.30.0.61

[root@ip-172-30-0-61 ~]# echo “172.30.0.61     ip-172-30-0-61 ip-172-30-0-61.ec2.internal” >> /etc/hosts


2. 準備證書(自簽名)

2.1 創建目錄




[root@ip-172-30-0-61 ~]# mkdir /certs -p
;  cd /certs/

[root@ip-172-30-0-61 certs]# 




2.2 生成證書
openssl req     -newkey rsa:4096 -nodes -sha256 -keyout /certs/mydomain.key     -x509 -days 365 -out /certs/mydomain.crt






[root@ip-172-30-0-61 certs]# openssl req \

>     -newkey rsa:4096 -nodes -sha256 -keyout /certs/mydomain.key \

>     -x509 -days 365 -out /certs/mydomain.crt

Generating a 4096 bit RSA private key

..........++

................................................................................................++

writing new private key to '/certs/mydomain.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:BJ

Locality Name (eg, city) [Default City]:BJ

Organization Name (eg, company) [Default Company Ltd]:star

Organizational Unit Name (eg, section) []:cloud

Common Name (eg, your name or your server's hostname) []:ip-172-30-0-61.ec2.internal

Email Address []:[email protected]

[root@ip-172-30-0-61 certs]# ls

mydomain.crt  mydomain.key

[root@ip-172-30-0-61 certs]# 




3. 測試

以前臺模式啓動




[root@ip-172-30-0-61certs]# docker run -it --rm -p 15000:5000 --name registry \





> -v /certs:/certs \





> -eREGISTRY_HTTP_TLS_CERTIFICATE=/certs/mydomain.crt \





> -eREGISTRY_HTTP_TLS_KEY=/certs/mydomain.key \





> library/registry:2.3.0





WARN[0000]No HTTP secret provided - generated random secret. This may causeproblems with uploads if multiple registries are behind aload-balancer. To provide
a shared secret, fill in http.secret inthe configuration file or set the REGISTRY_HTTP_SECRET environmentvariable. go.version=go1.5.3instance.id=3839f5d0-2749-46b5-96ee-7475fa2c292f version=v2.3.0





INFO[0000]redis not configured go.version=go1.5.3instance.id=3839f5d0-2749-46b5-96ee-7475fa2c292f version=v2.3.0





INFO[0000]using inmemory blob descriptor cache go.version=go1.5.3instance.id=3839f5d0-2749-46b5-96ee-7475fa2c292f version=v2.3.0





INFO[0000]listening on [::]:5000, tls go.version=go1.5.3instance.id=3839f5d0-2749-46b5-96ee-7475fa2c292f version=v2.3.0





INFO[0000]Starting upload purge in 57m0s go.version=go1.5.3instance.id=3839f5d0-2749-46b5-96ee-7475fa2c292f version=v2.3.0









4. 客戶端配置

4.1 未配置前




[root@ip-172-30-0-61 ~]#curl -khttps://ip-172-30-0-61.ec2.internal:15000


[root@ip-172-30-0-61 ~]#curl https://ip-172-30-0-61.ec2.internal:15000





curl: (60) Peer'scertificate issuer has been marked as not trusted by the user.





More details here:http://curl.haxx.se/docs/sslcerts.html











curl performs SSLcertificate verification by default, using a "bundle"





of Certificate Authority(CA) public keys (CA certs). If the default





bundle file isn'tadequate, you can specify an alternate file





using the --cacertoption.





If this HTTPS server usesa certificate signed by a CA represented in





the bundle, thecertificate verification probably failed due to a





problem with thecertificate (it might be expired, or the name might





not match the domain namein the URL).





If you'd like to turn offcurl's verification of the certificate, use





the -k (or --insecure)option.



4.2 OS級別的配置 




[root@ip-172-30-0-61 ~]# ls /etc/pki/ca-trust/source/* -laht





lrwxrwxrwx. 1 root root 59Nov 9 2015 /etc/pki/ca-trust/source/ca-bundle.legacy.crt-> /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt





-rw-r--r--. 1 root root 932Apr 23 2015 /etc/pki/ca-trust/source/README











/etc/pki/ca-trust/source/anchors:





total 0





drwxr-xr-x. 4 root root 76Nov 9 2015 ..





drwxr-xr-x. 2 root root 6Apr 23 2015 .











/etc/pki/ca-trust/source/blacklist:





total 0





drwxr-xr-x. 4 root root 76Nov 9 2015 ..





drwxr-xr-x. 2 root root 6Apr 23 2015 .





[root@ip-172-30-0-61 ~]# 





[root@ip-172-30-0-61 ~]# 





[root@ip-172-30-0-61 ~]# cp/certs/mydomain.crt/etc/pki/ca-trust/source/anchors/ip-172-30-0-61.ec2.internal.crt





[root@ip-172-30-0-61 ~]#update-ca-trust





[root@ip-172-30-0-61 ~]# ls /etc/pki/ca-trust/source/* -laht





lrwxrwxrwx. 1 root root 59Nov 9 2015 /etc/pki/ca-trust/source/ca-bundle.legacy.crt-> /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt





-rw-r--r--. 1 root root 932Apr 23 2015 /etc/pki/ca-trust/source/README











/etc/pki/ca-trust/source/anchors:





total 4.0K





-rw-r--r--. 1 root root2.1K Jun 3 06:43 ip-172-30-0-61.ec2.internal.crt





drwxr-xr-x. 2 root root 44 Jun 3 06:43 .





drwxr-xr-x. 4 root root 76 Nov 9 2015 ..











/etc/pki/ca-trust/source/blacklist:





total 0





drwxr-xr-x. 4 root root 76Nov 9 2015 ..





drwxr-xr-x. 2 root root 6Apr 23 2015 .





[root@ip-172-30-0-61 ~]# 



如訪問:




[root@ip-172-30-0-61 ~]#curl https://ip-172-30-0-61.ec2.internal:15000/v2





<a href="/v2/">MovedPermanently</a>.











[root@ip-172-30-0-61 ~]#



4.3 複製證書





[root@ip-172-30-0-61 ~]#mkdir -p /etc/docker/certs.d/ip-172-30-0-61.ec2.internal:15000





[root@ip-172-30-0-61 ~]# cp/certs/mydomain.crt/etc/docker/certs.d/ip-172-30-0-61.ec2.internal:15000/ca.crt





[root@ip-172-30-0-61 ~]# 





[root@ip-172-30-0-61 ~]# ls/etc/docker/certs.d/ip-172-30-0-61.ec2.internal:15000





ca.crt





[root@ip-172-30-0-61 ~]# 






文件結構如下:
/etc/docker/

├── certs.d

│   └── ip-172-30-0-61.ec2.internal:15000

│       └── ca.crt

├── daemon.json

└── key.json



5. 測試
5.1 客戶端命令及輸出




[root@ip-172-30-0-61 ~]#docker tag busybox ip-172-30-0-61.ec2.internal:15000/busybox:45





[root@ip-172-30-0-61 ~]#docker push ip-172-30-0-61.ec2.internal:15000/busybox:45





The push refers to arepository [ip-172-30-0-61.ec2.internal:15000/busybox]





5f70bf18a086: Pushed 





1834950e52ce: Pushed 





45: digest:sha256:6757d4b17cd75742fc3b1fc1a8d02b45b637f2ac913ee9669f5c2aed0c9b26basize: 711





[root@ip-172-30-0-61 ~]# 






5.2 服務器端輸出
5.3 鏡像存儲的目錄結構
附:docker push 操作服務器端完整輸出
INFO[0245] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=67e84f05-26a0-4047-8fc8-1db2a0e5e022 http.request.method=GET http.request.remoteaddr=172.30.0.61:49785 http.request.uri=/v2/ http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/json; charset=utf-8 http.response.duration=2.18228ms http.response.status=200 http.response.written=2 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:06 +0000] "GET /v2/ HTTP/1.1" 200 2 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

ERRO[0245] response completed with error                 err.code=blob unknown err.detail=sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 err.message=blob unknown to registry go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=73fe9af4-c92e-4858-9620-f8d607fde744 http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49787 http.request.uri=/v2/busybox/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/json; charset=utf-8 http.response.duration=5.685235ms http.response.status=404 http.response.written=157 instance.id=6d378a90-539f-468a-956b-a52762846b0a vars.digest=sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 vars.name=busybox version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:06 +0000] "HEAD /v2/busybox/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 404 157 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

ERRO[0245] response completed with error                 err.code=blob unknown err.detail=sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 err.message=blob unknown to registry go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=0c7f6165-8949-4957-9259-80e367321196 http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49786 http.request.uri=/v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/json; charset=utf-8 http.response.duration=3.106326ms http.response.status=404 http.response.written=157 instance.id=6d378a90-539f-468a-956b-a52762846b0a vars.digest=sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 vars.name=busybox version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:06 +0000] "HEAD /v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 404 157 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0245] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=25a1f642-9e26-492d-8e96-2bb77764c3a2 http.request.method=POST http.request.remoteaddr=172.30.0.61:49789 http.request.uri=/v2/busybox/blobs/uploads/?from=busybox&mount=sha256%3A385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=14.778019ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:06 +0000] "POST /v2/busybox/blobs/uploads/?from=busybox&mount=sha256%3A385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0245] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=565f43de-8326-4a49-aaa2-a3fd03c81d3b http.request.method=POST http.request.remoteaddr=172.30.0.61:49790 http.request.uri=/v2/busybox/blobs/uploads/?from=busybox&mount=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=13.292732ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:06 +0000] "POST /v2/busybox/blobs/uploads/?from=busybox&mount=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=41e6adc4-31f5-4dbb-8507-7e277256e2f3 http.request.method=PATCH http.request.remoteaddr=172.30.0.61:49791 http.request.uri=/v2/busybox/blobs/uploads/fd52a96a-d60a-48cd-a20c-58ed796e0af6?_state=t9bNaNe-qL8uHvTF7KgWLCGZ73HyAJ3b0wvF4HB2aHV7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImZkNTJhOTZhLWQ2MGEtNDhjZC1hMjBjLTU4ZWQ3OTZlMGFmNiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNi44NzE3MjAwMjRaIn0%3D http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=387.802246ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PATCH /v2/busybox/blobs/uploads/fd52a96a-d60a-48cd-a20c-58ed796e0af6?_state=t9bNaNe-qL8uHvTF7KgWLCGZ73HyAJ3b0wvF4HB2aHV7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImZkNTJhOTZhLWQ2MGEtNDhjZC1hMjBjLTU4ZWQ3OTZlMGFmNiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNi44NzE3MjAwMjRaIn0%3D HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=73279a5b-a40f-4d73-be33-d15898e33ca8 http.request.method=PUT http.request.remoteaddr=172.30.0.61:49793 http.request.uri=/v2/busybox/blobs/uploads/fd52a96a-d60a-48cd-a20c-58ed796e0af6?_state=fxwtojisv22bJUx6t36zB77iPovPpIVVzDYLAFzKliR7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImZkNTJhOTZhLWQ2MGEtNDhjZC1hMjBjLTU4ZWQ3OTZlMGFmNiIsIk9mZnNldCI6Njc1OTkyLCJTdGFydGVkQXQiOiIyMDE2LTA2LTAzVDEyOjA5OjA2WiJ9&digest=sha256%3A385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=23.673038ms http.response.status=201 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PUT /v2/busybox/blobs/uploads/fd52a96a-d60a-48cd-a20c-58ed796e0af6?_state=fxwtojisv22bJUx6t36zB77iPovPpIVVzDYLAFzKliR7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImZkNTJhOTZhLWQ2MGEtNDhjZC1hMjBjLTU4ZWQ3OTZlMGFmNiIsIk9mZnNldCI6Njc1OTkyLCJTdGFydGVkQXQiOiIyMDE2LTA2LTAzVDEyOjA5OjA2WiJ9&digest=sha256%3A385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 201 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=346544a1-105e-482c-8188-a6459b8b2bb7 http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49794 http.request.uri=/v2/busybox/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/octet-stream http.response.duration=2.509231ms http.response.status=200 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "HEAD /v2/busybox/blobs/sha256:385e281300cc6d88bdd155e0931fbdfbb1801c2b0265340a40481ee2b733ae66 HTTP/1.1" 200 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=9b548106-d57f-4319-a668-8f164d1f7d61 http.request.method=PATCH http.request.remoteaddr=172.30.0.61:49792 http.request.uri=/v2/busybox/blobs/uploads/c9f1ca42-7567-44df-92d6-d00c232df782?_state=Bsf-croJJLdIXYgj3unAG9wWW9W7blNGbuf-1Bd3wed7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImM5ZjFjYTQyLTc1NjctNDRkZi05MmQ2LWQwMGMyMzJkZjc4MiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNi44NzU0OTc4NDZaIn0%3D http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=8.192915ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PATCH /v2/busybox/blobs/uploads/c9f1ca42-7567-44df-92d6-d00c232df782?_state=Bsf-croJJLdIXYgj3unAG9wWW9W7blNGbuf-1Bd3wed7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImM5ZjFjYTQyLTc1NjctNDRkZi05MmQ2LWQwMGMyMzJkZjc4MiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNi44NzU0OTc4NDZaIn0%3D HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=ff0b95d1-bf85-4c22-b5e9-3dd21ef78446 http.request.method=PUT http.request.remoteaddr=172.30.0.61:49795 http.request.uri=/v2/busybox/blobs/uploads/c9f1ca42-7567-44df-92d6-d00c232df782?_state=OzobGJczFDofrFOPbTqD0n_VKfVqhG4DtQ0-7G16ax97Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImM5ZjFjYTQyLTc1NjctNDRkZi05MmQ2LWQwMGMyMzJkZjc4MiIsIk9mZnNldCI6MzIsIlN0YXJ0ZWRBdCI6IjIwMTYtMDYtMDNUMTI6MDk6MDZaIn0%3D&digest=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=8.301881ms http.response.status=201 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PUT /v2/busybox/blobs/uploads/c9f1ca42-7567-44df-92d6-d00c232df782?_state=OzobGJczFDofrFOPbTqD0n_VKfVqhG4DtQ0-7G16ax97Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6ImM5ZjFjYTQyLTc1NjctNDRkZi05MmQ2LWQwMGMyMzJkZjc4MiIsIk9mZnNldCI6MzIsIlN0YXJ0ZWRBdCI6IjIwMTYtMDYtMDNUMTI6MDk6MDZaIn0%3D&digest=sha256%3Aa3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 201 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=61a531ba-2289-45ba-91eb-178a3e33d054 http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49796 http.request.uri=/v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/octet-stream http.response.duration=2.362327ms http.response.status=200 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "HEAD /v2/busybox/blobs/sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 HTTP/1.1" 200 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

ERRO[0246] response completed with error                 err.code=blob unknown err.detail=sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb err.message=blob unknown to registry go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=31d42b39-f953-448e-8eb7-9bd0d79230b8 http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49797 http.request.uri=/v2/busybox/blobs/sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/json; charset=utf-8 http.response.duration=2.495499ms http.response.status=404 http.response.written=157 instance.id=6d378a90-539f-468a-956b-a52762846b0a vars.digest=sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb vars.name=busybox version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "HEAD /v2/busybox/blobs/sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb HTTP/1.1" 404 157 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=6c590f49-6f7c-41cd-9eed-013ead28dd28 http.request.method=POST http.request.remoteaddr=172.30.0.61:49798 http.request.uri=/v2/busybox/blobs/uploads/ http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=24.244808ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "POST /v2/busybox/blobs/uploads/ HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=b7c6c7d7-41e1-4a06-a02a-e49b7701d773 http.request.method=PATCH http.request.remoteaddr=172.30.0.61:49799 http.request.uri=/v2/busybox/blobs/uploads/9739b386-1a40-4de3-a203-6ad31b039a6b?_state=fta1PlW3Az04vjVkJv0kqIkUouYW2_aPXOJ4utilveN7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6Ijk3MzliMzg2LTFhNDAtNGRlMy1hMjAzLTZhZDMxYjAzOWE2YiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNy42ODc0MTY4N1oifQ%3D%3D http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=7.827744ms http.response.status=202 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PATCH /v2/busybox/blobs/uploads/9739b386-1a40-4de3-a203-6ad31b039a6b?_state=fta1PlW3Az04vjVkJv0kqIkUouYW2_aPXOJ4utilveN7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6Ijk3MzliMzg2LTFhNDAtNGRlMy1hMjAzLTZhZDMxYjAzOWE2YiIsIk9mZnNldCI6MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowNy42ODc0MTY4N1oifQ%3D%3D HTTP/1.1" 202 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=3bb2301f-0e99-4af8-bfda-697141430a51 http.request.method=PUT http.request.remoteaddr=172.30.0.61:49800 http.request.uri=/v2/busybox/blobs/uploads/9739b386-1a40-4de3-a203-6ad31b039a6b?_state=q3YGejUhCGxd_j_KEzrRCJvYA7FEiM56AH3tcCtP3jd7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6Ijk3MzliMzg2LTFhNDAtNGRlMy1hMjAzLTZhZDMxYjAzOWE2YiIsIk9mZnNldCI6MTM3MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowN1oifQ%3D%3D&digest=sha256%3A47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=8.283914ms http.response.status=201 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PUT /v2/busybox/blobs/uploads/9739b386-1a40-4de3-a203-6ad31b039a6b?_state=q3YGejUhCGxd_j_KEzrRCJvYA7FEiM56AH3tcCtP3jd7Ik5hbWUiOiJidXN5Ym94IiwiVVVJRCI6Ijk3MzliMzg2LTFhNDAtNGRlMy1hMjAzLTZhZDMxYjAzOWE2YiIsIk9mZnNldCI6MTM3MCwiU3RhcnRlZEF0IjoiMjAxNi0wNi0wM1QxMjowOTowN1oifQ%3D%3D&digest=sha256%3A47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb HTTP/1.1" 201 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=ad1294fc-a37f-4811-8f47-20d88f27e25e http.request.method=HEAD http.request.remoteaddr=172.30.0.61:49802 http.request.uri=/v2/busybox/blobs/sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.contenttype=application/octet-stream http.response.duration=2.367339ms http.response.status=200 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "HEAD /v2/busybox/blobs/sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb HTTP/1.1" 200 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"

INFO[0246] response completed                            go.version=go1.5.3 http.request.contenttype=application/vnd.docker.distribution.manifest.v2+json http.request.host=ip-172-30-0-61.ec2.internal:15000 http.request.id=92e73536-b523-49b2-87fb-8003d693f640 http.request.method=PUT http.request.remoteaddr=172.30.0.61:49803 http.request.uri=/v2/busybox/manifests/45 http.request.useragent=docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64 http.response.duration=9.85733ms http.response.status=201 http.response.written=0 instance.id=6d378a90-539f-468a-956b-a52762846b0a version=v2.3.0

172.30.0.61 - - [03/Jun/2016:12:09:07 +0000] "PUT /v2/busybox/manifests/45 HTTP/1.1" 201 0 "" "docker/1.10.3-cs3 go/go1.5.4 git-commit/6df5588 kernel/3.10.0-327.el7.x86_64 os/linux arch/amd64"


























XuYongshi02



發佈了64 篇原創文章 · 獲贊 40 · 訪問量 13萬+





私信

關注

















發表評論














所有評論



還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.







相關文章








Docker 使用 CentOS 鏡像






使用 docker run 直接運行 CentOS 7 鏡像,並登錄 bash。
 
C:\Users\yhu>docker run -it centos:centos7 bash
Unable to find image 'c






原創

2024-05-15 11:11:36









界面組件DevExpress Reporting v24.1預覽版 - 擁有原生Angular報表查看器






DevExpress Reporting是.NET Framework下功能完善的報表平臺,它附帶了易於使用的Visual Studio報表設計器和豐富的報表控件集,包括數據透視表、圖表,因此您可以構建無與倫比、信息清晰的報表。
下一個主要






原創

2024-05-14 12:21:34









docker學習筆記一:本地鏡像管理






一:封裝容器爲新的鏡像文件
查看本地現有鏡像
命令:docker images
以f1cb7c7d58b7爲鏡像創建一個容器testb,在後臺運行。
命令:docker run --name testb -it -d f1cb7c






osc_7cws6vmd

2024-05-14 01:06:48









樹莓派真是個讓人慾罷不能的“小妖精”






大晚上不睡覺、枸杞泡起來@我 一個月之前、自從入了樹莓派4b 8g板之後、就無法自拔,上班除了開發業務代碼和搭建內部UI組件庫之外,就是不亦樂乎的學習docker、mysql、mongodb、php、python、frp等,採購了阿里雲E






osc_51airx3z

2024-05-14 00:37:28









Flink1.12 文檔






API
移除掉 ExecutionConfig 中過期的方法
移除掉了 ExecutionConfig#isLatencyTrackingEnabled 方法, 你可以使用 ExecutionConfig#getLatencyTracki






osc_bv96h8zs

2024-05-13 21:17:28









Linux 服務器配置-安裝portainer-ce社區版






操作系統Debian12
1. portainer 簡介
Portainer 是一個開源的輕量級容器管理工具,主要用於 Docker 和 Swarm 環境的可視化管理和操作。通過 Portainer,用戶可以通過簡潔易用的 Web UI






原創

2024-05-13 13:22:00









Linux服務器配置-安裝docker-ce社區版






1.查看linux內核版本和系統版本
docker的安裝和運行對linux版本和系統是有要求的。
查看linux內核版本
uname -a
root@server88:~# uname -a
Linux server88 6.1.0-18-






原創

2024-05-13 13:21:57









Docker 的 Busybox 操作系統鏡像






BusyBox是一個遵循GPL協議、以自由軟件形式發行的應用程序。
Busybox在單一的可執行文件中提供了精簡的Unix工具集,可運行於多款POSIX環境的操作系統,例如Linux(包括Android)、Hurd、FreeBSD等等。
由






原創

2024-05-13 11:45:19









使用NPS自建內網穿透服務器教程,帶WEB管理






自帶WEB管理的輕量級內網穿透工具NPS的各種搭建方式和使用教程,支持X86、ARM、MIPS平臺。
NPS介紹
nps是一款輕量級、高性能、功能強大的內網穿透代理服務器。目前支持TCP、UDP流量轉發,可支持任何tcp、udp上層協議(訪






Darren_Leo

2024-05-13 02:05:53









MySQL 通過 systemd 啓動時 hang 住了……






mysqld:哥,我起不來了……
作者:賁紹華,愛可生研發中心工程師,負責項目的需求與維護工作。其他身份:柯基鏟屎官。
愛可生開源社區出品,原創內容未經授權不得隨意使用,轉載請聯繫小編並註明來源。
本文約 2100 字,預計閱讀需要 7






原創

2024-05-10 00:35:39









CVE復現之老洞新探(CVE-2021-3156)






環境搭建
直接拉取合適的docker
docker 環境:
https://hub.docker.com/r/chenaotian/cve-2021-3156
下載glibc-2.27源碼和sudo-1.8.21源碼
漏洞分析






原創

2024-05-08 22:52:37









開發者分享:利用 EMQX Cloud 與 ESP32 微控制器實現智能液冷散熱系統






作者:陶德坤,EMQX Cloud 開發者。
作爲一名後端開發人員,我經常需要同時運行多個 Jetbrains IDE (集成開發環境),所以經常面臨筆記本電腦過熱問題。我曾嘗試過各種散熱方法,從傳統的風扇到更先進的半導體冷卻系統,但這些






原創

2024-05-07 21:55:53









Centos7 使用 Docker 安裝 owncloud






centos7 安裝 docker
安裝教程可參考:centos7 安裝 docker
開始安裝owncloud
1. 創建一個新的項目目錄
mkdir owncloud-docker-server
cd owncloud-doc






原創

2024-05-06 23:24:42









ollama使用






ollama 僅支持。gguf的格式    其他格式需要llama.cpp 轉換
curl https://ollama.ai/install.sh | sh
ollama --version
ollama pull llama2-chin






原創

2024-05-01 00:42:55









centos7下Docker 安裝






Docker 是一個開源的商業產品,有兩個版本:社區版(Community Edition,縮寫爲 CE)和企業版(Enterprise Edition,縮寫爲 EE)。企業版包含了一些收費服務,個人開發者一般用不到。下面的介紹都針對社區






原創

2024-04-26 13:11:00